org.jsslutils.extra.apachehttpclient
Class SslContextedSecureProtocolSocketFactory

java.lang.Object
  extended by org.jsslutils.extra.apachehttpclient.SslContextedSecureProtocolSocketFactory
All Implemented Interfaces:
org.apache.commons.httpclient.protocol.ProtocolSocketFactory, org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory

public class SslContextedSecureProtocolSocketFactory
extends Object
implements org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory

This is a SecureProtocolSocketFactory for which the SSLContext can be configured. It is based on Sebastian Hauer's StrictSSLProtocolSocketFactory, available in the contribution directory of the Apache HTTP client library 3.1. The main difference is that the SSLContext can be set, which means that the use of client certificates or CRLs may be configured this way. The intent was to use it in conjunction with jSSLutils, but it is not a dependency. If no SSLContext is set up, the default SSLSocketFactory is used.

Author:
Bruno Harbulot, Sebastian Hauer

DISCLAIMER: HttpClient developers DO NOT actively support this component. The component is provided as a reference material, which may be inappropriate for use without additional customization.


Constructor Summary
SslContextedSecureProtocolSocketFactory()
          Constructor for SslContextedSecureProtocolSocketFactory.
SslContextedSecureProtocolSocketFactory(boolean verifyHostname)
          Constructor for SslContextedSecureProtocolSocketFactory.
SslContextedSecureProtocolSocketFactory(SSLContext sslContext)
          Constructor for SslContextedSecureProtocolSocketFactory.
SslContextedSecureProtocolSocketFactory(SSLContext sslContext, boolean verifyHostname)
          Constructor for SslContextedSecureProtocolSocketFactory.
 
Method Summary
 Socket createSocket(Socket socket, String host, int port, boolean autoClose)
           
 Socket createSocket(String host, int port)
           
 Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
           
 Socket createSocket(String host, int port, InetAddress localAddress, int localPort, org.apache.commons.httpclient.params.HttpConnectionParams params)
          Attempts to get a new socket connection to the given host within the given time limit.
 boolean getHostnameVerification()
          Gets the status of the host name verification flag.
protected  SSLSocketFactory getSslSocketFactory()
          Returns the SSLSocketFactory to use to create the sockets.
 void setHostnameVerification(boolean verifyHostname)
          Set the host name verification flag.
 void setSSLContext(SSLContext sslContext)
          Sets the SSLContext to use.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SslContextedSecureProtocolSocketFactory

public SslContextedSecureProtocolSocketFactory(SSLContext sslContext,
                                               boolean verifyHostname)
Constructor for SslContextedSecureProtocolSocketFactory.

Parameters:
sslContext - The SSLContext to use for building the SSLSocketFactory. If this is null, then the default SSLSocketFactory is used.
verifyHostname - The host name verification flag. If set to true, the SSL session's server host name is compared to the host name in the "Common Name" field of the "SubjectDN" entry of the server certificate. If these names do not match, an exception is thrown. Enabling host name verification helps to prevent man-in-the-middle attacks. If set to false, host name verification is turned off. Code sample:

Protocol stricthttps = new Protocol("https",
        new SslContextedSecureProtocolSocketFactory(sslContext, true), 443);
HttpClient client = new HttpClient();
client.getHostConfiguration().setHost("localhost", 443, stricthttps);
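
The code sample above assumes an existing sslContext. The following added example (not part of the original documentation or of jSSLutils) builds one from a client key store and a trust store, so that a client certificate is presented and only the listed CAs are trusted, then registers the factory with host name verification on. The class name ClientCertExample, the file names client.p12 and truststore.jks, and the "changeit" passwords are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.jsslutils.extra.apachehttpclient.SslContextedSecureProtocolSocketFactory;

public class ClientCertExample {
    // Loads a keystore of the given type; the stream is closed in all cases.
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Assumed file names and passwords: placeholders for this example.
        char[] keyPass = "changeit".toCharArray();
        KeyStore clientKeys = load("PKCS12", "client.p12", keyPass);
        KeyStore trustedCas = load("JKS", "truststore.jks", "changeit".toCharArray());
        // Key managers supply the client certificate during the handshake.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, keyPass);
        // Trust managers limit which CAs are accepted for the server certificate.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustedCas);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // Second argument true keeps host name verification enabled.
        Protocol stricthttps = new Protocol("https",
                new SslContextedSecureProtocolSocketFactory(sslContext, true), 443);
        HttpClient client = new HttpClient();
        client.getHostConfiguration().setHost("localhost", 443, stricthttps);

        GetMethod get = new GetMethod("/");
        try {
            System.out.println("HTTP status: " + client.executeMethod(get));
        } finally {
            get.releaseConnection();
        }
    }
}
```

As documented above, host name verification compares the host passed to setHost with the certificate's Common Name, so that value must match the CN of the server certificate for the connection to succeed.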

SslContextedSecureProtocolSocketFactory

public SslContextedSecureProtocolSocketFactory(SSLContext sslContext)
Constructor for SslContextedSecureProtocolSocketFactory. Host name verification will be enabled by default.

Parameters:
sslContext - The SSLContext to use for building the SSLSocketFactory. If this is null, then the default SSLSocketFactory is used.

SslContextedSecureProtocolSocketFactory

public SslContextedSecureProtocolSocketFactory(boolean verifyHostname)
Constructor for SslContextedSecureProtocolSocketFactory. The default SSLSocketFactory will be used by default.

Parameters:
verifyHostname - The host name verification flag. If set to true, the SSL session's server host name is compared to the host name in the "Common Name" field of the "SubjectDN" entry of the server certificate. If these names do not match, an exception is thrown. Enabling host name verification helps to prevent man-in-the-middle attacks. If set to false, host name verification is turned off.

SslContextedSecureProtocolSocketFactory

public SslContextedSecureProtocolSocketFactory()
Constructor for SslContextedSecureProtocolSocketFactory. By default, the default SSLSocketFactory will be used and host name verification will be enabled.

Method Detail

setHostnameVerification

public void setHostnameVerification(boolean verifyHostname)
Set the host name verification flag.

Parameters:
verifyHostname - The host name verification flag. If set to true, the SSL session's server host name is compared to the host name in the "Common Name" field of the "SubjectDN" entry of the server certificate. If these names do not match, an exception is thrown. Enabling host name verification helps to prevent man-in-the-middle attacks. If set to false, host name verification is turned off.

getHostnameVerification

public boolean getHostnameVerification()
Gets the status of the host name verification flag.

Returns:
Host name verification flag. Either true if host name verification is turned on, or false if host name verification is turned off.

createSocket

public Socket createSocket(String host,
                           int port,
                           InetAddress clientHost,
                           int clientPort)
                    throws IOException,
                           UnknownHostException
Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
Throws:
IOException
UnknownHostException
See Also:
ProtocolSocketFactory.createSocket(java.lang.String,int,java.net.InetAddress,int)

createSocket

public Socket createSocket(String host,
                           int port,
                           InetAddress localAddress,
                           int localPort,
                           org.apache.commons.httpclient.params.HttpConnectionParams params)
                    throws IOException,
                           UnknownHostException,
                           org.apache.commons.httpclient.ConnectTimeoutException
Attempts to get a new socket connection to the given host within the given time limit.

This method employs several techniques to circumvent the limitations of older JREs that do not support connect timeout. When running in JRE 1.4 or above, reflection is used to call the Socket#connect(SocketAddress endpoint, int timeout) method. When executing in older JREs, a controller thread is executed. The controller thread attempts to create a new socket within the given limit of time. If the socket constructor does not return before the timeout expires, the controller terminates and throws a ConnectTimeoutException.

Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
Parameters:
host - the host name/IP
port - the port on the host
localAddress - the local host name/IP to bind the socket to
localPort - the port on the local machine
params - Http connection parameters
Returns:
Socket a new socket
Throws:
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be determined
org.apache.commons.httpclient.ConnectTimeoutException

createSocket

public Socket createSocket(String host,
                           int port)
                    throws IOException,
                           UnknownHostException
Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
Throws:
IOException
UnknownHostException
See Also:
ProtocolSocketFactory.createSocket(java.lang.String,int)

createSocket

public Socket createSocket(Socket socket,
                           String host,
                           int port,
                           boolean autoClose)
                    throws IOException,
                           UnknownHostException
Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
Throws:
IOException
UnknownHostException
See Also:
SecureProtocolSocketFactory.createSocket(java.net.Socket,java.lang.String,int,boolean)

getSslSocketFactory

protected SSLSocketFactory getSslSocketFactory()
Returns the SSLSocketFactory to use to create the sockets. If the sslContext is non-null, this is built from the sslContext; otherwise, this is the default SSLSocketFactory.

Returns:
the SSLSocketFactory to use to create the sockets.

setSSLContext

public void setSSLContext(SSLContext sslContext)
Sets the SSLContext to use.

Parameters:
sslContext - SSLContext to use.


Copyright © 2012. All Rights Reserved.